Ken North

Dr. Dobb's Bloggers

Cloud Computing: Data Services, NoSQL and SQL Databases

February 01, 2011

The recent news on the NoSQL database front is that hackers are now looking into security vulnerabilities due to the architecture of NoSQL solutions. The best approach to security relies on multi-laye...

The past two months have repeatedly put the cloud and cloud data stores, such as SQL and NoSQL databases, on my radar screen. There have been announcements of new service offerings, new platforms and new concerns about architectural issues that introduce security vulnerabilities.Amazon Web Services (AWS) has the momentum of a snowball rolling downhill. It was no surprise AWS put out a steady stream of announcements of new capabilities, including one about Amazon Simple Email Services (SES). Accounts will be capable of sending 1 email message per second, up to 200 a day with verified addresses. If your application is approved for production mode, you can send up to 1000 e-mails per day.

The Amazon SES announcement was followed by news that Amazon is moving beyond Infrastructure as a Service (IaaS).

With hopes of becoming a major player in the Platform as a Service space, Amazon has announced the Elastic Beanstalk. It's a platform that exploits the power of Amazon services that include Elastic Compute Cloud (EC2), Elastic Load Balancing, Amazon CloudWatch, and Auto Scaling. The public beta release of Elastic Beanstalk supports development of cloud applications using Java, but Amazon has promised support for other languages. The Elastic Beanstalk AMI includes the Amazon Linux AMI running Apache Web Server, Tomcat, and Java Platform, Enterprise Edition. "The Many Flavors of Platform Services for Cloud Computing" has more information about the PaaS landscape.

Amazon's move into PaaS isn't the only recent expansion by a major cloud service provider. Salesforce.com previously made its development platform available via Force.com. Now it's also expanding into the Database as a Service (DaaS) market with the introduction of Database.com. The idea is that you can build applications that access the same databases in the infrastructure that supports Salesforce.com and Force.com, without binding to the development platform. This means you could take existing Java applications, for example, that operate with enterprise databases and port them to use databases in the Salesforce cloud. A JDBC driver for Database.com is currently available with an ODBC driver scheduled for future release.

Amazon complements the EC2 service with its Simple Storage Service (S3). It announced that S3 had more than doubled the number of objects it stored in a year's time. S3 services 200,000 storage requests per second. In the fourth quarter of 2009, S3 stored 102 billion objects. By the end of 2010, that number was 262 billion objects.

The recent news on the NoSQL database front is that hackers are now looking into security vulnerabilities due to the architecture of NoSQL solutions. The best approach to security relies on multi-layered or multi-level security, including built-in security in the database layer of applications.

Many web applications today rely on a network and application environment that supports secure networking, federated identity, encryption, authorization and authentication procedures. These are the types of security capabilities available to the developer using one of the NoSQL platforms. But system architects can also leverage the security features that are integral to enterprise SQL platforms. Whether on the web or in the enterprise, a robust SQL database deployment typically runs behind a firewall and uses those same application-level and network-level security capabilities. But to augment network and application security, a system architect can also take advantage of security in the database layer. The best SQL platforms support role-based security, encrypted communications, encrypted databases, stored procedures and in some cases, row-level security.

The message for system architects is take a close look at your use cases and requirements for security. For example, the designer of a massively-scalable web architecture for an open recipe exchange doesn't have the same concerns for privacy and data integrity as the architect of a web site to sell and buy Renewable Energy Credits.

To close out January 2011, Amazon also announced the Amazon Relational Data Service (RDS) will be adding support for Oracle 11g in the second quarter of 2011. That means you can pay on an hourly basis for the use of an Oracle 11g database, something that can be particularly economical for ad hoc projects. If you already have licenses for Oracle 11g, you can transfer them to AWS and your hourly rate will be reduced because you won't be paying for use of the software.The recent news on the NoSQL database front is that hackers are now looking into security vulnerabilities due to the architecture of NoSQL solutions. The best approach to security relies on multi-layered or multi-level security, including built-in security in the database layer of applications.

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task.
However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

This month's Dr. Dobb's Journal

This month,
Dr. Dobb's Journal is devoted to mobile programming. We introduce you to Apple's new Swift programming language, discuss the perils of being the third-most-popular mobile platform, revisit SQLite on Android
, and much more!